I am running ELK 7 and I have the following scenario.
I have data in one index that looks like this:
|Time|ID|AAA|
|Apr 6, 2022 @ 11:48:11.197|300965890|tar1|
|Apr 6, 2022 @ 11:48:11.196|300965890|add3|
|Apr 6, 2022 @ 11:48:11.195|300965890|add4|
|Apr 6, 2022 @ 11:48:11.194|300965888|tar1|
|Apr 6, 2022 @ 11:48:11.193|300965888|add2|
I want to make a data table that has the following structure
|AAA|# ID|
|tar1|2|
|add2|1|
|add3|1|
|add4|1|
|tar 1 & add3|1|
|tar1 & add4|1|
|tar 1 & add2|1|
I am having difficulty in making the rows where there is a combination of tar & add.
I used a breakdown by Filters and I have the following metrics (I chose the unique count).
Can you help me?